Startup Fortune

North Korean Hackers Weaponize Axios Software to Target US Crypto Firms

North Korean hackers compromised the widely used Axios JavaScript library to infiltrate US companies and steal cryptocurrency ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

Claude Code unintentionally open source: Source map reveals all

The source code of Anthropic's CLI tool Claude Code was accidentally made publicly accessible via a source map in the npm ...
IEEE

Debun: Detecting Bundled JavaScript Libraries on Web using Property-Order Graphs

Abstract: Detecting front-end JavaScript libraries in web applications is essential for website profiling, vulnerability detection, and dependency management. However, bundlers like Webpack transpile ...
SecurityWeek

Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks

Two IP addresses accounted for the majority of the 1.4 million exploitation attempts observed over the past week. React2Shell exploitation activity remains strong, with over 1.4 million attempts ...
InfoWorld

jQuery 4.0.0 JavaScript library features trusted types

Announced January 17, the newest version of the jQuery JavaScript library can be downloaded from jquery.com. Trusted types in jQuery 4.0.0 ensure that HTML in the TrustedHTML interface can be input to ...
SecurityWeek

RondoDox Botnet Exploiting React2Shell Vulnerability

In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The targeted security defect, tracked as CVE-2025-55182, impacts systems relying on ...
CoinTelegraph

Hackers are exploiting a JavaScript library to plant crypto drainers

The React team published a fix on Dec. 3 and advises anyone using the react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack, to upgrade immediately. There has been a recent ...